From 4be161afa9ee4c0fe2d29f6f8a8c0d75734d8bf6 Mon Sep 17 00:00:00 2001
From: John Kohl <jtkohl@mit.edu>
Date: Wed, 7 Feb 1990 10:18:09 +0000
Subject: [PATCH] change ASN.1 rep of TGS req so that AP REQ is constructed
 separately

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@293 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/include/krb5/asn.1/encode.h | 11 +++++++++++
 src/lib/krb5/asn.1/KRB5-asn.py  | 13 ++++++++++++-
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/src/include/krb5/asn.1/encode.h b/src/include/krb5/asn.1/encode.h
index 77d0f64ff..6154da458 100644
--- a/src/include/krb5/asn.1/encode.h
+++ b/src/include/krb5/asn.1/encode.h
@@ -146,6 +146,17 @@ krb5_error_code decode_generic
 		   (translator_func) KRB5_TGS__REQ2krb5_tgs_req, \
 		   (free_func) free_KRB5_TGS__REQ)
 
+#define encode_krb5_real_tgs_req(req, output) \
+    encode_generic((krb5_pointer)req, output, \
+		   (encoder_func) encode_KRB5_RealTGS__REQ, \
+		   (translator_func) krb5_real_tgs_req2KRB5_RealTGS__REQ, \
+		   (free_func) free_KRB5_RealTGS__REQ)
+#define decode_krb5_real_tgs_req(req, output) \
+    decode_generic((krb5_pointer)req, (krb5_pointer *) output, \
+		   (decoder_func) decode_KRB5_RealTGS__REQ, \
+		   (translator_func) KRB5_RealTGS__REQ2krb5_real_tgs_req, \
+		   (free_func) free_KRB5_RealTGS__REQ)
+
 #define encode_krb5_safe(req, output) \
     encode_generic((krb5_pointer)req, output, \
 		   (encoder_func) encode_KRB5_KRB__SAFE, \
diff --git a/src/lib/krb5/asn.1/KRB5-asn.py b/src/lib/krb5/asn.1/KRB5-asn.py
index 37fad99f9..d3b760734 100644
--- a/src/lib/krb5/asn.1/KRB5-asn.py
+++ b/src/lib/krb5/asn.1/KRB5-asn.py
@@ -238,8 +238,19 @@ EncAPRepPart ::= SEQUENCE {
 	cmsec[1]			INTEGER
 }
 
+-- Ick... due to the bogus stuff generated by this ASN.1 compiler, we
+-- need to assemble the TGS request in a mutant fashion.  The checksum
+-- in the authenticator in the header in the TGS-REQ must be computed
+-- over the encoding of the rest of the message.
+-- RealTGS-REQ is encoded and then put as an octet string into the TGS-REQ.
+-- Likewise with the AP-REQ header.
+
 TGS-REQ ::= [APPLICATION 5] SEQUENCE {
-	header[0]			AP-REQ,
+	header[0]			OCTET STRING, -- encoded AP-REQ
+	tgs-request[1]			OCTET STRING -- encoded RealTGS-REQ
+}
+
+RealTGS-REQ ::= SEQUENCE {
 	pvno[1]				INTEGER,
 	msg-type[2]			INTEGER,
 	kdc-options[3]			KDCOptions,
-- 
2.26.2